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1.1  Purpose. 

The  Local  Automation  Model  (LAM)  prototype  system  is  scheduled  for  installation  at  the 
Defense  Nuclear  Agency  (DNA)  in  November  1985.  This  implementation  plan  (IP)  for  the  prototype 
system  serves  two  purposes.  First  and  foremost,  it  is  the  overall  IP  for  DNA.  It  also  can  be  used  as  a 
model  for  others  preparing  automated  system  implementation  plans,  especially  those  for  the  LAM 
The  IP  contains  the  following  information: 

•  The  tasks  required  for  implementation 

•  The  organizational  elements  involved  in  planning  and  implementation 

•  A  summary  of  system  requirements 

•  General  guidelines  for  system  implementation. 

The  IP  document  will  remain  in  effect  throughout  system  implementation.  The  document  will 
be  modified  as  required  to  reflect  changes  in  planning  and  execution.  Tasks  are  summarized  in 
Section  3  of  the  IP  The  IP  provides  planning  assumptions  and  a  summary  of  system  requirements, 
organizes  the  tasks  to  be  accomplished  for  implementing  the  system  (as  developed  by  participating 
DNA  staff),  and  integrates  the  efforts  and  actions  of  those  responsible  for  system  implementation. 
Participants  in  the  implementation  planning  process  are  encouraged  to  comment  on  the  contents  of 
this  document  and  should  contact  the  Director  for  Technical  Information  concerning  questions  or 
comments  on  the  IP 

1.2  Project  References  and  Background. 

The  LAM  project  encompasses  system  design,  development,  and  evaluation  of  a  fully 
integrated  library  system  for  technical  libraries  and  is  sponsored  by  the  Defense  Technical  Infor¬ 
mation  Center  (DTIC)  located  at  Cameron  Station  in  Alexandria,  Virginia.  The  following  documents 
are  available  describing  the  life  cycle  development  of  the  system  to  date. 

•  Local  Automation  Model:  Conceptual  Design  Document.  Logistics  Management  Institute, 
April  1983 
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•  Local  Automation  Model:  Functional  Description.  Logistics  Management  Institute, 
October  1983 

•  Local  Automation  Model:  System  Specification.  Logistics  Management  Institute, 

February  1984 

•  Local  Automation  Model:  Assessment  of  Library  Software  Availability.  Logistics 

Management  Institute,  September  1984 

•  Local  Automation  Model:  Software  Benchmarking  Test  Plan.  Logistics  Management 
Institute,  March  1985. 

The  objective  of  the  LAM  project  is  to  provide  a  system  that  will  be  available  for 
implementation  by  Department  of  Defense  (DoD)  technical  libraries.  The  prototype 
system- implemented  at  DNA -will  provide  the  opportunity  to  demonstrate  and  evaluate  an 
automated  library  system  with  special  features  for  bibliographic  information  sharing.  The  system 
will  support  conventional  collection  handling  capabilities  such  as  original  cataloging  and  citation 
retrieval.  In  addition,  the  system  will  facilitate  information  sharing  between  DoD  technical  libraries 
and  DTIC  by  incorporating  "gateway”  processing  capabilities. 

Gateway  capabilities  required  for  the  system  include  (1)  automatic  searching  of  both  the  local 
technical  library  catalog  and  the  DTIC  Technical  Reports  (TR)  data  base  using  a  single  search 
language  and  format,  (2)  downloading  information  from  the  TR  data  base  to  the  local  system,  and 
(3)  machine-aided  translation  of  locally  created  catalog  citations  into  a  format  acceptable  for  entry  in 
the  TR  data  base.  Thus  with  one  system  and  one  set  of  commands,  a  technical  library  can 
( 1)  maintain  and  expand  a  catalog  tailored  to  local  needs,  (2)  access  the  information  contained  in  the 
TR  data  base,  and  (3)  contribute  directly  to  the  timely  dissemination  of  scientific  and  technical 
information  via  direct  cataloging  in  the  TR  data  base. 

Of  particular  interest  for  implementation  planning  is  the  requirement  for  processing  classified 
bibliographic  citations  (up  to  SECRET)  on  the  system.  Classified  citations  will  be  stored  on  the 
computer  at  DNA  and  transferred  between  DTIC  and  DNA.  In  addition,  access  to  the  citations 
contained  on  the  DNA  computer  must  be  available  to  the  system  users  -  library  staff  members  in  the 
DNA  technical  library  who  are  cleared  for  system  access. 
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Initiation  of  and  requirements  for  the  LAM  project  originated  from  the  need  to  reduce  the  TR 
data  base  cataloging  burden  placed  on  Shared  Bibliographic  Input  Network  (SBIN)  member  libraries 
and  thereby  promote  information  sharing.  SBIN  was  established  as  an  experiment  in  shared 
cataloging  and  has  become  an  ongoing  DTIC  program.  In  addition  to  providing  inputs  to  a  local 
catalog,  SBIN  member  libraries  catalog  their  documents  into  the  TR  data  base  using  the  Remote 
Terminal  Input  System  (RTIS)  available  on  the  Defense  Research,  Development,  Test,  and 
Evaluation  (RDT&E)  On-Line  System  (DROLS). 

Five  commercial  software  packages  were  evaluated  for  use  in  the  prototype  system.  As  a  result 
of  benchmarking,  one  of  the  five  commercial  packages  will  be  selected  for  prototype  system 
implementation.  Benchmarking  and  software  integration  (commercial  package  plus  the  gateway 
software)  will  continue  through  Fiscal  Year  1986  (FY86). 

The  prototype  and  production  systems  will  be  implemented  using  commercially  available 
library  software  The  gateway  features  available  in  the  prototype  system  will  be  provided  through 
adaptation  of  the  Integrated  Information  System  (IIS)  developed  by  the  Technology  Information 
System  (TIS)  group  located  at  Lawrence  Livermore  National  Laboratory  (LLNL).  Selection  of 
commercial  software  for  the  prototype  system  will  be  accomplished  through  performance 
benchmarking  as  documented  in  Local  Automation  Model.  Software  Benchmarking  Test  Plan. 

Included  in  the  LAM  project  is  the  development  of  an  acquisition  strategy  and  plan  for  a 
production  system  Competitive  bids  will  be  solicited  for  acquisition  of  the  production  system  The 
performance  specifications  and  statement  of  work  for  the  solicitation  will  be  developed  and  refined 
through  experience  gained  with  the  prototype  system  operating  at  DNA.  Operation  of  the  prototype 
system  at  DNA  represents  a  significant  stage  of  the  development  life  cycle  and  will  lay  the  foundation 
for  successful  acquisition  of  the  production  system  for  the  remainder  of  the  DoD  technical  libraries 
and  information  analysis  centers. 

13  Terms  and  Abbreviations. 

The  following  terms,  acronyms,  and  abbreviations  are  used  in  this  document. 


•  ASCII:  American  Standard  Code  for  Information  Interchange 


•  ATLAS:  Automated  Technical  Library  Accession  System -the  automated  catalog  of 
technical  report  bibliographic  citations  currently  maintained  by  DNA 

•  DNA:  Defense  Nuclear  Agency 

•  DoD.  Department  of  Defense 

•  DROLS:  Defense  RDT&E  On-Line  System 

•  DT1C:  Defense  Technical  Information  Center 

•  IIS:  Integrated  Information  System -an  intelligent  gateway  developed  and  supported 
exclusively  by  the  TIS  group  at  LLNL 

•  IP:  Implementation  Plan -the  planning  and  decision-making  steps  leading  to 

implementation  of  an  automated  system 

•  LAM:  Local  Automation  Model -a  project  sponsored  by  DTIC  for  demonstrating, 
evaluating,  and  acquiring  an  integrated  library  system  encompassing  local  collection 
management  and  access  to  external  bibliographic  resources 

•  LLNL:  Lawrence  Livermore  National  Laboratory -a  Department  of  Energy-funded, 
contractor-operated  research  and  development  laboratory  located  in  Livermore,  California 

•  RDT&E:  Research,  Development,  Test,  and  Evaluation 

•  RTIS:  The  Remote  Terminal  Input  System  operated  by  DTIC  and  used  to  transfer  TR  data 
base  inputs  from  on-line  user  files  to  the  TR  data  base 

•  SBIN:  Shared  Bibliographic  Input  Network 

•  TIS:  Technology  Information  System  -  used  to  describe  both  the  work  on  advanced 
information-handling  technology  and  the  organizational  element  (group)  performing  this 
work  at  LLNL 

•  TR  Data  Ba^e:  The  Technical  Reports  data  base  operated  and  maintained  by  DTIC 
containing  over  1  million  citations  to  reports  published  or  sponsored  by  DoD. 
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21  Description. 

The  implementation  plan  addresses  site  preparation,  installation,  accreditation,  operation,  and 
maintenance  of  a  dedicated  classified  minicomputer  along  with  required  support  and  applications 
software.  Staff  elements  within  DNA  headquarters  are  assigned  responsibilities  for  automated 
system  implementation.  Section  2.2,  "Participating  Staff  Elements,’’  lists  the  staff  elements 
participating  in  prototype  system  implementation.  Each  is  responsible  for  (1)  detailed 
implementation  planning  and  (2)  subsequent  management  and  execution  of  the  portions  of  the  plan 
falling  within  their  area  of  responsibility 

The  initial  version  of  the  IP  document  outlined  the  tasks  and  schedule  needed  for  successful, 
economical,  and  timely  system  implementation.  Responsibilities  for  planning  and  executing  the 
tasks  are  assigned  to  staff  elements,  which  in  turn  develop  detailed  plans  for  accomplishing  the  task. 
Subsequent  revisions  to  the  IP  reflect  these  detailed  plans.  Each  participating  staff  element  must 
determine  the  implementation  methods  and  details  best  suited  to  meet  the  overall  requirements  and 
schedule.  These  detailed  plans  and  corresponding  schedules  for  each  task  will  be  incorporated  into 
this  document  as  appendices.  The  tasks  are  summarized  in  Section  3,  "Implementation  Summary." 
2.2  Participating  Staff  Elements. 

Implementation  of  the  prototype  system  requires  participation  from  the  following  DNA 
headquarters  staff  elements  as  indicated: 

•  Comptroller  -  Data  Automation  Policy  and  Systems  Division 

Computer  operations 
Data  processing  technical  support 
Data  conversion  technical  support 
Risk  analysis 

System  accreditation  (lead  organization) 


•  Logistics  and  Engineering  Directorate 
Facilities  engineering: 


•  Utilities  and  environmental  conditioning  and  control 

•  Structural  alterations  and  modifications 

Telecommunications  planning  and  installation 

Communications  security 

•  Intelligence  and  Security  Directorate 

Physical  security 

TEMPEST  testing  and  accreditation 

Site  protection 

•  Counter-intelligence  Detachment 

Security  planning  assistance 

•  Technical  Library 

Implementation  planning  management 

Training 

System  operation 

Data  conversion  ( retrospective  cataloging) 

System  accreditation. 

2.3  Summary  of  Requirements. 

To  aid  in  implementation  planning,  the  following  summary  of  system  requirements  is 
provided.  This  list  represents  only  a  summary  of  the  requirements  most  likely  to  have  a  significant 
effect  on  system  implementation.  A  complete  description  of  requirements  is  contained  in  the  system 
documents  cited  in  Section  1.2,  "Project  References.”  A  review  of  these  documents  is  recommended, 
especially  during  the  initial  stages  of  implementation  planning. 

Prototype  Life  Cvcle  The  prototype  system  implemented  at  DNA  will  be  used  to  demonstrate 
the  concept  of  a  technical  library  automated  system  integrating  local  collection  management  with 
access  to  external  bibliographic  resources.  Experience  gained  with  the  prototype  system  will  be  used 
to  develop  performance  and  functional  specifications  for  a  competitive  acquisition  request-for- 
proposals  for  the  production  system  The  prototype  system  will  operate  approximately  1  year.  At  the 
conclusions  of  the  prototype  life  cycle,  DN'A  may  elect  to  implement  the  production  system  in  place  of 
the  prototype. 
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Classified  Citations.  The  system  will  store,  retrieve,  and  display  citations  which  can  be 
classified  up  to  SECRET  The  citations  will  be  stored  on-line  on  magnetic  disk,  entered  into  computer 
main  memory  for  processing,  and  displayed  on  video  display  terminals  located  in  the  technical 
library.  At  the  user's  request,  the  citations  may  be  printed  on  printers  located  in  the  technical  library 
and  in  the  computer  room.  Classified  citations  will  be  maintained  on  the  system  during  normal 
operating  hours.  Disk  packs  containing  classified  citations  may  only  be  removed  when  the  system  is 
not  operational. 

Access  Control.  Access  to  the  system  will  be  limited  to  members  of  the  technical  library  staff 
and  assigned  computer  operators.  These  users  have  access  to  the  system  via  terminals  located  in  the 
technical  library  and  the  computer  center.  The  system  controls  access  to  data  through  use  of  user 
identifications,  passwords,  and  access  privileges.  Passwords  must  be  safeguarded  by  users  and  will  be 
changed  randomly  to  reduce  the  likelihood  of  unauthorized  access.  Access  to  system  terminals  will  be 
limited  to  authorized  users  through  a  combination  of  physical  barriers  and  visual  inspection. 

The  technical  library  will  designate  a  system  administrator  with  responsibility  for  granting 
and  controlling  user  access  privileges.  Access  privileges  govern  the  ability  of  users  to  read,  write,  and 
alter  data  or  commands  on  the  system.  The  system  will  maintain  an  audit  trail  of  access  attempts, 
transactions  accessing  classified  data  or  system  software,  and  user  activity  on  the  system. 

Terminal  Locations.  Video  display  terminals  used  to  access  system  functions  and  display  data 
contained  in  the  system  will  be  located  in  the  technical  library  and  the  office  of  the  Director, 
Technical  Information.  These  terminals  will  display  data  classified  up  to  SECRET.  In  addition,  the 
terminals  located  in  the  technical  library  will  have  attached  printers  capable  of  printing  data 
transmitted  to  the  terminal  screen. 

Existing  Catalog.  The  technical  library  maintains  an  automated  catalog  of  report  citations. 
ATLAS  contains  technical  report  bibliographic  citations  which  must  be  converted  for  use  within  the 
prototype  system.  In  addition,  other  files  used  by  the  technical  library  for  tracking  contractor 
deliverables  and  technical  report  review  and  publication  will  be  considered  for  conversion  to  the  LAM 
system. 
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DROLS  Access.  DTIC  provides  access  to  the  TR  data  base  containing  citations  to  over  one 
million  DoD  technical  reports.  The  prototype  system  permits  users  to  simultaneously  search  the  TR 
data  base  and  the  local  catalog.  At  present,  Dl\A  operates  a  classified,  2400-baud  dedicated  line  for 
accessing  the  TR  data  base  via  DROLS.  Located  in  the  technical  library,  this  line  must  be  relocated 
to  the  computer  room  housing  the  computer  running  the  prototype  system.  The  relocated  line  will  not 
be  activated  until  the  system  is  accredited  for  classified  processing.  In  the  interim,  an  unclassified, 
asynchronous  dial-up  line  will  be  added  to  the  computer  for  software  testing  and  debugging. 

Access  to  DROLS  terminals  is  restricted  to  cleared  members  of  the  DoD  community.  The 
security  regulations  and  procedures  of  the  organizations  operating  remote  terminals  govern 
installation  and  safeguarding  of  the  terminal.  DTIC  has  established  guidelines  for  operating 
classified  DROLS  terminals.  These  are  contained  in  Defense  Logistics  Agency  Regulation  5230.3, 
"Security  Measures  Applicable  to  the  Defense  Research,  Development,  Test,  and  Evaluation 
(RDT&E)  On-line  System,”  9  January  1980  (under  revision).  In  addition,  DTIC  may  inspect  remote 
terminal  sites  for  the  purpose  of  ensuring  compliance  with  operating  guidelines. 

Computer  Operations  Support.  While  staff  members  of  the  technical  library  will  be  responsible 
for  operating  the  system  in  support  of  day-to-day  library  operations,  additional  staffing  is  required  to 
handle  computer  operations. 

Hardware  Specifications.  The  specific  brand  and  model  of  computer  required  to  operate  the 
system  has  not  been  established.  However,  characteristics  of  the  system  have  been  developed,  as 
follows: 

•  6  megabytes  of  main  (real)  memory 

•  600  megabytes  of  on-line  disk  storage  capacity 

•  Operator’s  console/terminal 

•  1  high-speed  line  printer  located  with  the  computer 

•  Communications  controller/multiplexer  for  local  terminal  and  printer  network 

•  4800  baud  local  terminal  and  printer  network  capable  of  handling  data  classified  up  to 
SECRET 


•  5  video  display  terminals  each  with  low-speed  printers  located  in  the  technical  library 
(TEMPEST  certified) 

•  2  video  display  terminals  and  1  low-speed  printer  located  in  the  office  of  the  Director, 
Technical  Information  (TEMPEST  certified) 

•  Encryption  device  and  modem  for  the  DROLS  classified  line  (currently  installed  in  the 
technical  library). 

Selection  of  the  prototype  system  computer  will  occur  at  the  end  of  performance  benchmarking. 
For  the  purposes  of  implementation  planning,  use  the  characteristics  and  dimensions  of  the  Digital 
Equipment  Corporation  VAX  11/750  processor  with  corresponding  cabinet- mounted  disk  storage 
units. 

2.3.1  Support  Materials. 

To  be  determined. 

2.3.2  Training. 

See  "Training”  listed  in  Section  3.1,  "Tasks.” 

2.3.3  Personnel  Requirements. 

To  be  determined. 


2.3.4  Personnel  Orientation. 

See  "Training”  in  Section  3.1,  "Tasks. 


SECTION  3.  IMPLEMENTATION  SUMMARY 


3.1  Tasks. 

The  following  tasks  must  be  accomplished  for  implementation  of  the  prototype  system.  A  brief 
description  of  the  task,  the  staff  element  responsible  for  the  task,  and  the  location  of  the  detailed  task 
plan  is  given.  Detailed  task  plans  are  contained  in  the  appendices  to  this  document.  Task 
descriptions  may  be  modified  upon  recommendation  from  the  staff  element  responsible. 

TASK:  Computer  Site  Selection. 

Staff  Element:  COMP-1.  The  location  of  the  computer  within  the  designated  computer  room 
must  be  established.  In  selecting  a  location,  consideration  must  be  given  to  availability  of  electrical 
power  and  access  to  telephone  lines  for  DROLS  installation.  Consideration  must  also  be  given  to 
safeguarding  the  computer  once  installed.  Safeguarding  includes  limitations  and  control  over 
physical  access  to  the  equipment  and  surrounding  area  for  TEMPEST  control  (See  Appendix  A). 

TASK.  Utilities  and  Environmental  Control- 

Staff  Element:  LEEE.  Installation  of  the  computer  for  the  prototype  system  will  require 
modifications  to  the  utilities  available  within  the  computer  room.  As  a  minimum,  electrical  power 
must  be  provided  in  the  vicinity  of  the  computer.  For  planning  purposes,  assume  power  requirements 
of  210-230  volts  and  30  amperes  (See  Appendix  B). 

TASK:  Structural  Alterations  and  Modifications. 

Staff  Element:  LEEE.  Modifications  to  the  current  computer  room  may  be  required  prior  to 
installation.  Describe  required  modifications,  if  any,  and  develop  a  plan  for  making  the  modifications 
(See  Appendix  C). 

TASK:  Access  Controls  and  Physical  Security. 

Staff  Element:  OAIS  and  STTI.  The  prototype  system  will  contain  citations  classified  up  to 
SECRET.  In  addition,  the  operation  of  the  technical  library  will  depend  on  the  functioning  of  the 
computer  running  the  prototype  system.  Physical  access  to  the  computer  must  be  limited  to  those 


staff  members  responsible  for  system  operation  and  maintenance.  Similarly,  access  to  video  display 
terminals  and  the  telecommunications  network  with  access  to  the  system  must  be  controlled  and 
limited  to  authorized  library  staff  members.  The  STTI  Security  Standard  Operating  Procedures  must 
be  modified  to  reflect  additional  access  safeguards  and  security  procedures  for  the  prototype  system. 

Because  the  computer,  local  network,  terminals,  and  printers  will  process  classified  data, 
emanations  from  these  devices  must  also  be  shielded  from  unauthorized  detection.  Shielding  for  the 
network,  terminals,  and  printers  can  be  achieved  through  use  of  devices  specifically  manufactured  for 
processing  classified  information  (i.e. ,  TEMPEST  certified  components).  Shielding  of  the  computer 

t 

and  disk  drives  can  be  accomplished  with  electrical  or  physical  barriers  which  either  mask 
emanations  or  restrict  access  to  areas  where  emanations  can  be  detected.  (See  Appendix  D.) 

TASK:  Local  Network  Installation. 

Staff  Element:  LECD.  The  computer  running  the  prototype  system  will  be  located  in  the 
Headquarters,  DNA  Main  Computer  Facility.  The  system  must  be  accessible  from  terminals  located 
in  the  technical  library  and  in  the  Office  of  the  Director,  Technical  Information.  A  local  network 
must  be  installed  to  support  access  to  the  system.  The  network  must  handle  classified  information 
and  support  a  minimum  communications  rate  of  4800  baud.  Two  terminals  and  a  printer  will  be 
located  in  the  Office  of  the  Director,  Technical  Information.  Five  terminals  with  printers  will  be 
located  in  the  technical  library  (See  Appendix  E). 

TASK:  DROLS  Line  Relocation. 

Staff  Element:  LECD.  At  present,  the  dedicated,  classified  telephone  line  for  DROLS  access 
terminates  in  the  technical  library,  with  encryption  gear  located  in  the  communications  center.  The 
terminus  of  this  line  must  be  moved  from  the  technical  library  to  the  computer  room  and  installed 
adjacent  to  the  computer  running  the  prototype  system.  The  DROLS  line  will  be  connected  to  the 
computer  to  permit  automated  access  to  the  DTIC  TR  data  base.  Connection  of  the  relocated  DROLS 
line  must  be  done  concurrent  with  or  shortly  after  system  accreditation.  Movement  of  the  DROLS 
line  must  be  coordinated  with  STTI  because  the  unavailability  of  the  line  during  relocation  affects 
library  operations  (See  Appendix  F). 
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TASK:  Hardware  Installation  and  Testing. 

Staff  Element:  COMP-1.  Hardware  requirements  for  the  prototype  system  are  listed  in 
Section  2.3,  "Summary  of  Requirements.”  The  following  equipment  will  be  installed  within  the 
computer  room:  central  processor,  disk  drives,  operator  console/terminal,  high-speed  line  printer,  and 
communications  controller  (and  multiplexer,  if  required)  for  the  local  network.  The  encryption  gear 
and  modem  for  the  DROLS  telephone  line  will  remain  in  the  communications  center.  Prior  to 
software  installation  and  testing,  prototype  system  hardware  must  be  tested  and  debugged  (See 
Appendix  G). 

TASK:  Software  Installation  and  Testing. 

Staff  Element:  COMP-1.  Installation  of  the  prototype  system  software  will  be  performed  by  a 
team  from  LLNL  and  the  commercial  package  vendor.  DN'A  staff  members  assigned  as  system 
operators,  if  selected,  should  also  participate  in  the  installation.  Software  testing  under  this  task  will 
focus  on  operability  and  functionality  of  the  commercial  software  package  and  the  associated  gateway 
software  (See  Appendix  H). 

TASK:  Risk  Analysis  and  System  Accreditation- 

Staff  Element:  COMP-1.  Risk  analysis  covers  practically  every  facet  of  system 
implementation  from  suitability  of  the  computer  site  to  plans  for  data  backup  and  recovery.  The  aim 
is  to  identify  hazards  (risks)  to  system  operation  and  select  methods  for  reducing  or  eliminating  the 
risk.  Several  publications  provide  guidelines  for  conducting  risk  analysis: 

•  Guidelines  for  Automatic  Data  Processing  Physical  Security  and  Risk  Management. 
Federal  Information  Processing  Standards  Publication  31,  National  Bureau  of  Standards, 
June  1974 

•  Guideline  for  Automatic  Data  Processing  Risk  Analysis.  Federal  Information  Processing 
Standards  Publication  65,  National  Bureau  of  Standards,  1  August  1979 

•  Guideline  for  Computer  Security  Certification  and  Accreditation.  Federal  Information 
Processing  Standards  Publication  102,  National  Bureau  of  Standards,  27  September  1983. 

In  addition,  there  have  been  other  computer  site  risk  analyses  conducted  at  DN  A.  These  can  be 
used  to  cover  the  LAM  prototype  system  to  the  extent  that  there  are  similarities  in  the  systems  (e  g., 
located  in  the  same  computer  room). 
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As  a  result  of  risk  analysis,  corrective  actions  are  initiated,  as  required,  and  plans  developed  to 
operate  the  prototype  as  a  protected  system.  Completion  of  the  risk  analysis  and  corresponding 
followup  actions  leads  to  system  accreditation  for  processing  and  storing  classified  data  (See 


Appendix  I). 

TASK:  File  Conversion. 

Staff  Element:  STTI  and  COMP- 1.  In  conjunction  with  software  installation  and  testing,  the 
existing  ATLAS  file  must  be  converted  to  a  format  compatible  with  the  prototype  system  catalog.  The 
bibliographic  data  contained  in  the  ATLAS  file  will  form  the  core  of  the  new  on-line  catalog 
maintained  with  the  prototype  system.  This  core  file  will  be  augmented  with  information  contained 
in  hard  copy  files  (e.g.,  classified  subject  terms  and  descriptors).  In  addition,  other  files  used  by  STTI 
for  patron  identification,  tracking  contractor  deliverables,  technical  report  review,  and  document 
printing  and  distribution  must  be  converted  to  the  prototype  system  (See  Appendix  J). 

TASK:  Training. 

StaffElement:  STTI  and  COMP- 1.  Technical  library  staff  members  must  be  trained  to  use  the 
prototype  system.  Training  will  cover  system  functions  and  procedures  for  retrieval,  cataloging,  and 
circulation  management  and  control.  A  system  operator  must  be  trained  to  perform  file  backup  and 
recovery,  daily  startup  and  shutdown  procedures,  and  other  recurring  file  maintenance  tasks  (See 
Appendix  K). 

TASK:  Software  Analysis. 

Staff  Element:  COMP-1.  In  conjunction  with  the  system  risk  analysis,  tests  must  be  conducted 
on  the  access  controls  and  security  safeguards  provided  by  the  system  software.  System  features  such 
as  password  protection,  data  and  program  access  authority,  transaction  logging,  and  audit  trailing 
must  be  exercised  and  evaluated.  The  STTI  Security  Standard  Operating  Procedures  must  be 
modified  to  reflect  additional  operating  safeguards  and  security  procedures  for  protecting  the 
prototype  system  software  and  data.  COMP-1,  working  in  conjunction  with  the  STTI  System 
Administrator,  must  develop  security  auditing  measures  effective  for  safeguarding  data  and 
programs  on  the  prototype  system  computer  (See  Appendix  L). 
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TASK:  COMPUTER  SITE  SELECTION 


STAFF  ELEMENT:  COMP-1 

Task  Summary,  The  location  of  the  computer  within  the  designated  computer  room  must  be 
established.  In  selecting  a  location,  consideration  must  be  given  to  availability  of  electrical  power 
and  access  to  telephone  lines  for  the  Defense  Research,  Development,  Test,  and  Evaluation  (RDT&E) 
On-Line  System  (DROLS)  installation.  Consideration  must  also  be  given  to  safeguarding  the 
computer  once  installed.  Safeguarding  includes  limitations  and  control  over  physical  access  to  the 
equipment  and  surrounding  area  for  TEMPEST  control. 

Completed  Actions.  The  computer,  disk  drives,  operator’s  console,  local  network 
communications  controller,  and  line  printer  will  be  located  within  the  Headquarters,  Defense 
Nuclear  Agency  (DNA)  Main  Computer  Facility. 

Pending  Actions.  Develop  a  floor  plan  for  positioning  the  computer  and  accompanying 
equipment  within  the  Main  Computer  Facility.  For  planning  purposes,  the  following  equipment, 
manufactured  by  the  Digital  Equipment  Corporation  (DEC),  will  be  located  in  the  facility: 

•  VAX  1 1/750  central  processing  unit  (750XA-BE) 

•  Winchester  disk  subsystem  (RUA81-CA),  456  Megabytes,  cabinet-mounted.with  controller 

•  Rack-mounted  removable  disk  drive  (RA60-AA),  205  Megabytes 

•  Communications  controller  (DMF32-LP) 

•  Medium-speed  line  printer  (LP32-EB),  445  lines  per  minute,  96  character  set. 

A  copy  of  the  completed  floor  plan  will  be  provided  to  LEEE  for  use  in  planning  electrical 

utility  and  structural  modifications. 


Task  Summary.  Installation  of  the  computer  for  the  prototype  system  will  require 
modifications  to  the  utilities  available  within  the  computer  room.  As  a  minimum,  electrical  power 
must  be  provided  in  the  vicinity  of  the  computer. 

Completed  Actions.  None. 

Pending  Actions.  Upon  receipt  of  a  floor  plan  and  equipment  power  requirements  from 
COMP-1,  initiate  and  monitor  a  request  to  the  General  Services  Administration  (GSA)  to  make 
required  modifications  to  the  electrical  system.  Allow  6  weeks  from  the  time  the  request  is  made  to 
GSA  to  complete  the  required  modifications.  On  the  basis  of  using  the  DEC  VAX  1 1/750  processor  for 
the  prototype,  no  environmental  control  modifications  are  anticipated 


APPENDIX  C 


TASK:  STRUCTURAL  ALTERATIONS  AND  MODIFICATIONS 
STAFF  ELEMENT:  LEEE 

Task  Summary  Modifications  to  the  current  computer  room  may  be  required  prior  to 
installation.  Describe  required  modifications,  if  any,  and  develop  a  plan  for  making  the 
modifications. 

Completed  Actions.  None. 

Pending  Actions.  Upon  receipt  of  a  floor  plan  from  COMP-1,  assess  the  need  for  structural 
alterations.  (On  the  basis  of  using  the  Digital  Equipment  Corporation  (DEC)  VAX  11/750  processor 
for  the  prototype  system,  no  structural  alterations  or  modifications  are  anticipated.) 


APPENDIX  D 


TASK:  ACCESS  CONTROLS  AND  PHYSICAL  SECURITY 
STAFF  ELEMENT:  PAIS 


Task  Summary.  The  prototype  system  will  contain  citations  classified  up  to  SECRET.  In 
addition,  the  operation  of  the  technical  library  will  depend  on  the  functioning  of  the  computer 
running  the  prototype  system.  Physical  access  to  the  computer  must  be  limited  to  those  staff 
members  responsible  for  system  operation  and  maintenance.  Similarly,  access  to  video  display 
terminals  and  the  telecommunications  network  with  access  to  the  system  must  be  controlled  and 
limited  to  authorized  library  staff  members.  The  STTI  Security  Standard  Operating  Procedures  must 
be  modified  to  reflect  additional  access  safeguards  and  security  procedures  for  the  prototype  system. 

Because  the  computer,  local  network,  terminals,  and  printers  will  process  classified  data, 
emanations  from  these  devices  must  also  be  shielded  from  unauthorized  detection.  Shielding  for  the 
network,  terminals,  and  printers  can  be  achieved  through  use  of  devices  specifically  manufactured  for 
processing  classified  information  (i.e.,  TEMPEST  certified  components).  Shielding  of  the  computer 
and  disk  drives  can  be  accomplished  with  electrical  or  physical  barriers  which  either  mask 
emanations  or  restrict  access  to  areas  where  emanations  can  be  detected. 

Completed  Actions  A  physical  security  assessment  has  been  conducted  for  the  Main  Computer 
Facilit>  in  conjunction  with  a  previous  site  accreditation.  The  prototype  system  will  be  located  within 
this  facility 

Pending  Actions  Assess  the  physical  security  of  the  proposed  computer  installation  and 
accompanying  terminal  network  Recommend  modifications  to  facilities  and  operating  procedures  to 
ensure  the  physical  security  of  the  equipment  and  data.  Assist  COMP-1  and  STTI  in  accomplishing 
the  recommended  modifications 


APPENDIX  E 


TASK:  LOCAL  NETWORK  INSTALLATION 
STAFF  ELEMENT:  LECD 


Task  Summary.  The  computer  running  the  prototype  system  will  be  located  in  the 
Headquarters,  DNA  Main  Computer  Facility.  The  system  must  be  accessible  from  terminals  located 
in  the  technical  library  and  in  the  Office  of  the  Director,  Technical  Information.  A  local  network 
must  be  installed  to  support  access  to  the  system.  The  network  must  handle  classified  information 
and  support  a  minimum  communications  rate  of  4800  baud.  Two  terminals  and  a  printer  will  be 
located  in  the  Office  of  the  Director,  Technical  Information.  Five  terminals  with  printers  will  be 
located  in  the  technical  library 

Completed  Actions.  A  request  for  planning  and  engineering  services  has  been  prepared  and 
submitted.  A  site  visit  has  been  conducted  for  the  purpose  of  preparing  the  network  installation  plan. 
Network  components  and  installation  supplies  have  been  ordered  and  some  have  arrived  at  DNA. 

Pending  Actions.  The  network  plan  must  be  reviewed  and  approved  by  LECD.  It  is  anticipated 
that  the  plan  will  be  submitted  to  DNA  by  the  end  of  July  1985.  After  review  of  the  plan  and  receipt 
of  required  supplies,  schedule  installation  of  the  network.  Develop  a  time  estimate  for  installing  the 
network  once  the  installation  request  is  made. 


APPENDIX  F 


TASK:  DROLS  LINE  RELOCATION 
STAFF  ELEMENT:  LECD 


Task  Summary  At  present,  the  dedicated,  classified  telephone  line  for  DROLS  access 
terminates  in  the  technical  library,  with  encryption  gear  located  in  the  communications  center.  The 
terminus  of  this  line  must  be  moved  from  the  technical  library  to  the  computer  room  and  installed 
adjacent  to  the  computer  running  the  prototype  system.  The  DROLS  line  will  be  connected  to  the 
computer  to  permit  automated  access  to  the  Defense  Technical  Information  Center  (DTIC)  Technical 
Reports  (TR)  data  base.  Connection  of  the  relocated  DROLS  line  must  be  done  concurrent  with  or 
shortly  after  system  accreditation.  Movement  of  the  DROLS  line  must  be  coordinated  with  STTI 
because  the  unavailability  of  the  line  during  relocation  affects  library  operations. 

Completed  Actions.  None. 

Pending  Actions.  Coordinate  relocation  of  the  DROLS  line  with  Mrs.  Sandra  Young,  STTI. 
Submit  a  request  to  have  the  telephone  line  relocated.  Allow  approximately  1  month  to  complete  the 
relocation.  Plan  to  have  the  relocation  completed  after  system  accreditation,  because  the  relocated 
line  cannot  be  connected  to  the  computer  until  approval  to  process  classified  data  on  the  prototype 
system  has  been  granted. 


APPENDIX  G 


TASK:  HARDWARE  AND  INSTALLATION  AND  TESTING 
STAFF  ELEMENT:  COMP-1 


Task  Summary.  Hardware  requirements  for  the  prototype  system  are  listed  in  Section  2.3, 
"Summary  of  Requirements.”  The  following  equipment  will  be  installed  within  the  computer  room, 
central  processor,  disk  drives,  operator  console/terminal,  high-speed  line  printer,  and 
communications  controller  (and  multiplexer,  if  required)  for  the  local  network.  See  Appendix  A  for  a 
description  of  the  equipment  planned  for  installation  in  the  Main  Computer  Facility.  The  encryption 
gear  and  modem  for  the  DROLS  telephone  line  will  remain  in  the  communications  center.  Prior  to 
software  installation  and  testing,  prototype  system  hardware  must  be  tested  and  debugged. 

Completed  Actions.  None. 

Pending  Actions.  Coordinate  delivery  of  system  hardware  with  the  supplier  selected  by 


Lawrence  Livermore  National  Laboratory  (LLNL).  The  supplier  will  be  responsible  to  COMP-1  for 
delivering,  installing,  and  debugging  system  hardware. 


APPENDIX  H 


TASK:  SOFTWARE  INSTALLATION  AND  TESTING 
STAFF  ELEMENT:  COMP-1 


Task  Summary.  Installation  of  the  prototype  system  software  will  be  performed  by  a  team 
from  LLNL  and  the  commercial  package  vendor.  DNA  staff  members  assigned  as  system  operators,  if 
selected,  should  also  participate  in  the  installation.  Software  testing  under  this  task  will  focus  on 
operability  and  functionality  of  the  commercial  software  package  and  the  associated  gateway 
software. 

Completed  Actions.  None. 

Pending  Actions.  Benchmarking  of  software  packages  will  continue  through  the  end  of 
July  1985.  Once  benchmarking  is  completed,  a  package  will  be  selected  for  the  prototype.  After  the 
selection  is  made,  COMP-1  will  coordinate  with  the  vendor  to  arrange  installation  of  the  package. 
The  software  vendor  will  be  responsible  to  COMP-1  for  installing,  testing,  and  debugging  the  package 
provided.  Software  analysis  (see  Appendix  L)  may  be  conducted  in  conjunction  with  the  later  stages 
of  software  installation  and  debugging. 
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STAFF  ELEMENT:  COMP-1 


Task  Summary.  Risk  analysis  covers  practically  every  facet  of  system  implementation  from 
suitability  of  the  computer  site  to  plans  for  data  backup  and  recovery.  The  aim  is  to  identify  hazards 
(risks)  to  system  operation  and  select  methods  for  reducing  or  eliminating  the  risk.  Several 
publications  provide  guidelines  for  conducting  risk  analysis: 

•  Guidelines  for  Automatic  Data  Processing  Physical  Security  and  Risk  Management. 


Federal  Information  Processing  Standards  Publication  31,  National  Bureau  of  Standards, 
June  1974  * 

•  Guideline  for  Automatic  Data  Processing  Risk  Analysis.  Federal  Information  Processing 


Standards  Publication  65,  National  Bureau  of  Standards,  1  August  1979 
•  Guideline  for  Computer  Security  Certification  and  Accreditation.  Federal  -nformation 


Processing  Standards  Publication  102,  National  Bureau  of  Standards,  27  September  1983. 

In  addition,  there  have  been  other  computer  site  risk  analyses  conducted  at  DNA.  These  can  be 
used  to  cover  the  Local  Automation  Model  (LAM)  prototype  system  to  the  extent  that  there  are 
similarities  in  the  systems  (e.g.,  located  in  the  same  computer  room). 

As  a  result  of  risk  analysis,  corrective  actions  are  initiated,  as  required,  and  plans  developed  to 
operate  the  prototype  as  a  protected  system.  Completion  of  the  risk  analysis  and  corresponding 
followup  actions  leads  to  system  accreditation  for  processing  and  storing  classified  data. 

Completed  Actions.  A  risk  analysis  has  been  completed  and  accreditation  received  for 
processing  classified  data  within  the  Headquarters,  DNA  Main  Computer  Facility. 

Pending  Actions.  Conduct  a  risk  analysis  for  the  LAM  prototype  system  to  augment  the 
assessment  already  completed  for  the  Main  Computer  Facility.  Initiate  any  corrective  actions 
required  to  obtain  accreditation  for  the  LAM  prototype  system.  Develop  and  document  file  backup 
and  recovery  procedures.  Obtain  approval  for  processing  and  storing  classified  data  on  the  prototype 


system. 


APPENDIX  J 


TASK;  FILE  CONVERSION 
STAFF  ELEMENT:  STTI  AND  COMP-1 

Task  Summary.  In  conjunction  with  software  installation  and  testing,  the  existing  Automated 
Technical  Library  Accession  System  (ATLAS)  file  must  be  converted  to  a  format  compatible  with  the 
prototype  system  catalog.  The  bibliographic  data  contained  in  the  ATLAS  file  will  form  the  core  of 
the  new  on-line  catalog  maintained  with  the  prototype  system.  This  core  file  will  be  augmented  with 
information  contained  in  hard  copy  files  (e  g.,  classified  subject  terms  and  descriptors).  In  addition, 
other  files  used  by  STTI  for  tracking  contractor  deliverables,  technical  report  review,  and  document 
printing  and  distribution  must  be  considered  for  conversion  to  the  prototype  system. 

Completed  Actions.  Files  considered  for  conversion  to  the  LAM  system  have  been  identified. 

Pending  Actions.  The  vendor  providing  the  prototype  system  software  will  provide  services  to 
perform  the  file  conversions.  COMP-1  will  provide  technical  assistance  and  supervision  for  the 
conversion  of  files  presently  maintained  by  COMP-1.  STTI  will  plan  for  augmenting  the  ATLAS  file 
with  data  contained  on  cards.  This  involves  keyboarding  the  data  contained  on  the  cards  (primarily 
classified  subject  terms  and  descriptors)  into  the  prototype  system.  In  some  instances,  data  contained 
on  the  DTIC  TR  data  base  can  be  downloaded  and  added  to  the  prototype  system  catalog  (e.g., 
abstracts  for  reports  held  at  both  DTIC  and  DNA). 


APPENDIX  L 


TASK;  SOFTWARE  ANALYSIS 
STAFF  ELEMENT:  COMP-1 

Task  Summary.  In  conjunction  with  the  system  risk  analysis,  tests  must  be  conducted  on  the 
access  controls  and  security  safeguards  provided  by  the  system  software.  System  features  such  as 
password  protection,  data  and  program  access  authority,  transaction  logging,  and  audit  trailing  must 
be  exercised  and  evaluated.  The  STTI  Security  Standard  Operating  Procedures  must  be  modified  to 
reflect  additional  operating  safeguards  and  security  procedures  for  protecting  the  prototype  system 
software  and  data.  COMP- 1,  working  in  conjunction  with  the  STTI  System  Administrator,  must 
develop  security  auditing  measures  effective  for  safeguarding  data  and  programs  on  the  prototype 
system  computer. 

Completed  Actions.  None. 

Pending  Actions.  After  selection  of  the  prototype  system  software,  review  documented  access 
and  software  controls  provided  by  the  package.  Prepare  a  plan  for  testing  and  assessing  these 
features.  After  or  in  conjunction  with  software  installation  and  testing  (see  Appendix  H),  conduct 
tests  of  the  software  and  data  access  controls.  Develop  procedures  for  maintaining  and  reviewing  a 
system  transaction  audit  trail.  Establish  and  document  procedures  and  practices  for  establishing  and 
changing  user  passwords  and  file  and  data  access  controls. 

The  following  are  the  names  of  the  packages  being  evaluated  along  with  the  name  of  the 
company  providing  the  package  and  the  corresponding  computer  operating  system; 

•  BIBLIOTECH  -Comstow  Information  Service,  Digital  Equipment  Corporation  (DEC) 
VMS 

•  BRS/SEARCH  -  Bibliographic  Retrieval  Service,  DEC  VMS  or  UNIX  (Bell  Labs  or 
Berkeley  versions) 

•  DATALIB  -  M/A-COM  Sigma  Data,  Incorporated,  DEC  VMS  or  Data  General  AOS 

•  LS/2000  -  OCLC,  Incorporated,  MUMPS/MIIS 


« 


APPENDIX  K 


TASK:  TRAINING 


STAFF  ELEMENT:  STTI 


Task  Summary.  Technical  library  staff  members  must  be  trained  to  use  the  prototype  system. 
Training  will  cover  system  functions  and  procedures  for  retrieval,  cataloging,  and  circulation 
management  and  control.  A  system  operator  must  be  trained  to  perform  file  backup  and  recovery, 
daily  startup  and  shutdown  procedures,  and  other  recurring  file  maintenance  tasks. 

Completed  Actions.  None. 

Pending  Actions.  After  selection  of  the  prototype  system  software,  coordinate  training  with  the 
vendor  providing  the  package.  Normally,  training  is  considered  part  of  software  installation  and  is 
provided  by  the  vendor.  Designate  a  system  operator  and  backup  operator(s).  The  system  operator 
will  be  provided  by  and  work  under  the  supervision  of  COMP-1. 
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